Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers ( http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/ RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right? This would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems
to
work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do
wonder why
the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com
wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest
authentication. I
tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right? This would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Right, the status can be set when using the http:response element directly, but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to
set
the HTTP status and message via web:response-header, is that right? This would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com
wrote:
Using the web:response-header() function from the BaseX Web Module
seems
to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do
wonder
why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom."
I
wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element directly, but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right? This would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson timathom@gmail.com wrote:
Hello,
Is it possible to overwrite default HTTP headers in RESTXQ? I am running BaseX in Tomcat 7 and have set the authmethod param set to "Custom." I wanted to define my own WWW-Authenticate header for Digest authentication. I tried something like this:
<http:header name="WWW-Authenticate" value="{ ``[Digest realm="BaseX", qop="auth, auth-int", algorithm=MD5, nonce=`{hash:md5(random:uuid())}`]`` }"/>
(in a custom response, as specified in http://docs.basex.org/wiki/RESTXQ#Custom_Response).
However, the WWW-Authenticate header only returns a value of Custom realm="BaseX" no matter what I do in the custom RESTXQ response.
Thanks in advance, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element
directly,
but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right?
This
would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <timathom@gmail.com
wrote: > > Hello, > > Is it possible to overwrite default HTTP headers in RESTXQ? I am > running > BaseX in Tomcat 7 and have set the authmethod param set to
"Custom."
> I > wanted to define my own WWW-Authenticate header for Digest > authentication. I > tried something like this: > > http:header name="WWW-Authenticate" > value="{ > ``[Digest realm="BaseX", > qop="auth, auth-int", > algorithm=MD5, > nonce=`{hash:md5(random:uuid())}`]`` > }"/> > > (in a custom response, as specified in > http://docs.basex.org/wiki/RESTXQ#Custom_Response). > > However, the WWW-Authenticate header only returns a value of
Custom
> realm="BaseX" no matter what I do in the custom RESTXQ response. > > Thanks in advance, > Tim > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library >
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element
directly,
but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way to set the HTTP status and message via web:response-header, is that right?
This
would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote:
Using the web:response-header() function from the BaseX Web Module seems to work for overriding default headers (http://docs.basex.org/wiki/Web_Module#web:response-header). I do wonder why the behavior differs between this function and directly using a rest:response element. Shouldn't these two be equivalent?
Thanks, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <timathom@gmail.com
wrote: > > Hello, > > Is it possible to overwrite default HTTP headers in RESTXQ? I am > running > BaseX in Tomcat 7 and have set the authmethod param set to
"Custom."
> I > wanted to define my own WWW-Authenticate header for Digest > authentication. I > tried something like this: > > http:header name="WWW-Authenticate" > value="{ > ``[Digest realm="BaseX", > qop="auth, auth-int", > algorithm=MD5, > nonce=`{hash:md5(random:uuid())}`]`` > }"/> > > (in a custom response, as specified in > http://docs.basex.org/wiki/RESTXQ#Custom_Response). > > However, the WWW-Authenticate header only returns a value of
Custom
> realm="BaseX" no matter what I do in the custom RESTXQ response. > > Thanks in advance, > Tim > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library >
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün <christian.gruen@gmail.com
wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element
directly,
but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way
to
set the HTTP status and message via web:response-header, is that right?
This
would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
I am glad to hear the response header output does its job.
As the function does nothing else than creating a response header (unfortunately with this standard caching directive – I think I will remove it along with BaseX 8.7), you could try to replace your response elements with the function’s result. Does this help?
Christian
On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com wrote: > Using the web:response-header() function from the BaseX Web Module > seems > to > work for overriding default headers > (http://docs.basex.org/wiki/Web_Module#web:response-header). I do > wonder > why > the behavior differs between this function and directly using a > rest:response element. Shouldn't these two be equivalent? > > Thanks, > Tim > > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <
timathom@gmail.com>
> wrote: >> >> Hello, >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I am >> running >> BaseX in Tomcat 7 and have set the authmethod param set to
"Custom."
>> I >> wanted to define my own WWW-Authenticate header for Digest >> authentication. I >> tried something like this: >> >> http:header > name="WWW-Authenticate" >> value="{ >> ``[Digest realm="BaseX", >> qop="auth, auth-int", >> algorithm=MD5, >> nonce=`{hash:md5(random:uuid())}`]`` >> }"/> >> >> (in a custom response, as specified in >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >> >> However, the WWW-Authenticate header only returns a value of
Custom
>> realm="BaseX" no matter what I do in the custom RESTXQ response. >> >> Thanks in advance, >> Tim >> >> -- >> Tim A. Thompson >> Discovery Metadata Librarian >> Yale University Library >> >
Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow me to modify the WWW-Authenticate header when the status is 401. Is this something that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson timathom@gmail.com wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce=" 35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün <christian.gruen@gmail.com
wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün < christian.gruen@gmail.com> wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element
directly,
but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün <
christian.gruen@gmail.com>
wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com
wrote:
Hi, Christian,
Yes, it does. The only issue is that there doesn't seem to be a way
to
set the HTTP status and message via web:response-header, is that right?
This
would be a great feature to have :)
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün christian.gruen@gmail.com wrote: > > Hi Tim, > > I am glad to hear the response header output does its job. > > As the function does nothing else than creating a response header > (unfortunately with this standard caching directive – I think I
will
> remove it along with BaseX 8.7), you could try to replace your > response elements with the function’s result. Does this help? > > Christian > > > > On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com > wrote: > > Using the web:response-header() function from the BaseX Web
Module
> > seems > > to > > work for overriding default headers > > (http://docs.basex.org/wiki/Web_Module#web:response-header). I
do
> > wonder > > why > > the behavior differs between this function and directly using a > > rest:response element. Shouldn't these two be equivalent? > > > > Thanks, > > Tim > > > > > > -- > > Tim A. Thompson > > Discovery Metadata Librarian > > Yale University Library > > > > > > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson <
timathom@gmail.com>
> > wrote: > >> > >> Hello, > >> > >> Is it possible to overwrite default HTTP headers in RESTXQ? I am > >> running > >> BaseX in Tomcat 7 and have set the authmethod param set to
"Custom."
> >> I > >> wanted to define my own WWW-Authenticate header for Digest > >> authentication. I > >> tried something like this: > >> > >> http:header >> name="WWW-Authenticate" > >> value="{ > >> ``[Digest realm="BaseX", > >> qop="auth, auth-int", > >> algorithm=MD5, > >> nonce=`{hash:md5(random:uuid())}`]`` > >> }"/> > >> > >> (in a custom response, as specified in > >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). > >> > >> However, the WWW-Authenticate header only returns a value of
Custom
> >> realm="BaseX" no matter what I do in the custom RESTXQ response. > >> > >> Thanks in advance, > >> Tim > >> > >> -- > >> Tim A. Thompson > >> Discovery Metadata Librarian > >> Yale University Library > >> > >
I must confess I’ll need some time to get through this (I haven’t spent too much time with the Custom option so far). If everything works out, I’ll be able to do so in the upcoming week. If you manage to provide me with an SSCCE that show exactly what would need to happen, that would be great!
Thanks, Christian
On Sat, Aug 19, 2017 at 4:54 AM, Tim Thompson timathom@gmail.com wrote:
Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow me to modify the WWW-Authenticate header when the status is 401. Is this something that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson timathom@gmail.com wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking "Test" (at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header (which simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me override some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header function does let me modify the header, but it does not let me set the HTTP status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element directly, but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of the response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün christian.gruen@gmail.com wrote:
Hi Tim,
That should be possible as well:
rest:response <http:response status="{ ... }" message="{ ... }"/> </rest:response>
Cheers, Christian
On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com wrote: > Hi, Christian, > > Yes, it does. The only issue is that there doesn't seem to be a way > to > set > the HTTP status and message via web:response-header, is that right? > This > would be a great feature to have :) > > Tim > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün > christian.gruen@gmail.com > wrote: >> >> Hi Tim, >> >> I am glad to hear the response header output does its job. >> >> As the function does nothing else than creating a response header >> (unfortunately with this standard caching directive – I think I >> will >> remove it along with BaseX 8.7), you could try to replace your >> response elements with the function’s result. Does this help? >> >> Christian >> >> >> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson timathom@gmail.com >> wrote: >> > Using the web:response-header() function from the BaseX Web >> > Module >> > seems >> > to >> > work for overriding default headers >> > (http://docs.basex.org/wiki/Web_Module#web:response-header). I >> > do >> > wonder >> > why >> > the behavior differs between this function and directly using a >> > rest:response element. Shouldn't these two be equivalent? >> > >> > Thanks, >> > Tim >> > >> > >> > -- >> > Tim A. Thompson >> > Discovery Metadata Librarian >> > Yale University Library >> > >> > >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson >> > timathom@gmail.com >> > wrote: >> >> >> >> Hello, >> >> >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I >> >> am >> >> running >> >> BaseX in Tomcat 7 and have set the authmethod param set to >> >> "Custom." >> >> I >> >> wanted to define my own WWW-Authenticate header for Digest >> >> authentication. I >> >> tried something like this: >> >> >> >> http:header > >> name="WWW-Authenticate" >> >> value="{ >> >> ``[Digest realm="BaseX", >> >> qop="auth, auth-int", >> >> algorithm=MD5, >> >> nonce=`{hash:md5(random:uuid())}`]`` >> >> }"/> >> >> >> >> (in a custom response, as specified in >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >> >> >> >> However, the WWW-Authenticate header only returns a value of >> >> Custom >> >> realm="BaseX" no matter what I do in the custom RESTXQ >> >> response. >> >> >> >> Thanks in advance, >> >> Tim >> >> >> >> -- >> >> Tim A. Thompson >> >> Discovery Metadata Librarian >> >> Yale University Library >> >> >> > > >
Christian,
Thinking through this more, I don't believe anything needs to change in the current BaseX authentication handling. For my use case, I can just use the default BaseX Digest authentication, or else use a custom HTTP header.
I apologize for the trouble!
Thanks again, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Sun, Aug 20, 2017 at 1:10 PM, Christian Grün christian.gruen@gmail.com wrote:
I must confess I’ll need some time to get through this (I haven’t spent too much time with the Custom option so far). If everything works out, I’ll be able to do so in the upcoming week. If you manage to provide me with an SSCCE that show exactly what would need to happen, that would be great!
Thanks, Christian
On Sat, Aug 19, 2017 at 4:54 AM, Tim Thompson timathom@gmail.com wrote:
Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow
me to
modify the WWW-Authenticate header when the status is 401. Is this
something
that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson timathom@gmail.com
wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking
"Test"
(at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header
(which
simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me
override
some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header
function
does let me modify the header, but it does not let me set the HTTP
status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote:
Right, the status can be set when using the http:response element directly, but the web:response-header function does not seem to provide access to that. It only allows one to set new headers, not set the status of
the
response.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün christian.gruen@gmail.com wrote: > > Hi Tim, > > That should be possible as well: > > rest:response > <http:response status="{ ... }" message="{ ... }"/> > </rest:response> > > Cheers, > Christian > > > > On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson timathom@gmail.com > wrote: > > Hi, Christian, > > > > Yes, it does. The only issue is that there doesn't seem to be a
way
> > to > > set > > the HTTP status and message via web:response-header, is that
right?
> > This > > would be a great feature to have :) > > > > Tim > > > > -- > > Tim A. Thompson > > Discovery Metadata Librarian > > Yale University Library > > > > > > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün > > christian.gruen@gmail.com > > wrote: > >> > >> Hi Tim, > >> > >> I am glad to hear the response header output does its job. > >> > >> As the function does nothing else than creating a response
header
> >> (unfortunately with this standard caching directive – I think I > >> will > >> remove it along with BaseX 8.7), you could try to replace your > >> response elements with the function’s result. Does this help? > >> > >> Christian > >> > >> > >> > >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <
timathom@gmail.com>
> >> wrote: > >> > Using the web:response-header() function from the BaseX Web > >> > Module > >> > seems > >> > to > >> > work for overriding default headers > >> > (http://docs.basex.org/wiki/Web_Module#web:response-header).
I
> >> > do > >> > wonder > >> > why > >> > the behavior differs between this function and directly using
a
> >> > rest:response element. Shouldn't these two be equivalent? > >> > > >> > Thanks, > >> > Tim > >> > > >> > > >> > -- > >> > Tim A. Thompson > >> > Discovery Metadata Librarian > >> > Yale University Library > >> > > >> > > >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson > >> > timathom@gmail.com > >> > wrote: > >> >> > >> >> Hello, > >> >> > >> >> Is it possible to overwrite default HTTP headers in RESTXQ? I > >> >> am > >> >> running > >> >> BaseX in Tomcat 7 and have set the authmethod param set to > >> >> "Custom." > >> >> I > >> >> wanted to define my own WWW-Authenticate header for Digest > >> >> authentication. I > >> >> tried something like this: > >> >> > >> >> http:header >> >> name="WWW-Authenticate" > >> >> value="{ > >> >> ``[Digest realm="BaseX", > >> >> qop="auth, auth-int", > >> >> algorithm=MD5, > >> >> nonce=`{hash:md5(random:uuid())}`]`` > >> >> }"/> > >> >> > >> >> (in a custom response, as specified in > >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). > >> >> > >> >> However, the WWW-Authenticate header only returns a value of > >> >> Custom > >> >> realm="BaseX" no matter what I do in the custom RESTXQ > >> >> response. > >> >> > >> >> Thanks in advance, > >> >> Tim > >> >> > >> >> -- > >> >> Tim A. Thompson > >> >> Discovery Metadata Librarian > >> >> Yale University Library > >> >> > >> > > > > >
Good news ;) Thanks for the update!
Am 22.08.2017 20:00 schrieb "Tim Thompson" timathom@gmail.com:
Christian,
Thinking through this more, I don't believe anything needs to change in the current BaseX authentication handling. For my use case, I can just use the default BaseX Digest authentication, or else use a custom HTTP header.
I apologize for the trouble!
Thanks again, Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Sun, Aug 20, 2017 at 1:10 PM, Christian Grün <christian.gruen@gmail.com
wrote:
I must confess I’ll need some time to get through this (I haven’t spent too much time with the Custom option so far). If everything works out, I’ll be able to do so in the upcoming week. If you manage to provide me with an SSCCE that show exactly what would need to happen, that would be great!
Thanks, Christian
On Sat, Aug 19, 2017 at 4:54 AM, Tim Thompson timathom@gmail.com wrote:
Actually, I was wrong. The issue seems to be with the 401 Unauthorized status needed with Digest authentication. I can control the header value using both methods when the status is 200 OK, but BaseX does not allow
me to
modify the WWW-Authenticate header when the status is 401. Is this
something
that could be changed?
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 10:26 PM, Tim Thompson timathom@gmail.com
wrote:
Christian,
Here is a minimal example to try to illustrate what I am referring to:
https://bibfram.es/basex/static/header-test.xhtml
The first case (using the web:response-header() function) produces the desired response. You should see something like this after clicking
"Test"
(at least the first time, before caching):
<header> <name>WWW-Authenticate</name> <value>Digest realm="BaseX", nonce="35B2F3011682300F36AD37048B7B8560" </value> </header>
The second case (using custom elements) does not produce the desired response. You should see something like this after clicking "Test":
<header> <name>WWW-Authenticate</name> <value>Custom realm="BaseX" </value> </header>
So the two methods are not producing the same output.
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 7:28 PM, Christian Grün christian.gruen@gmail.com wrote:
Hm, I still need to understand: Why can't you set WWW-Authenticate via standard response elements if you can do it with web:response-header
(which
simply generates elements that you could write by yourself)?
Am 19.08.2017 1:04 vorm. schrieb "Tim Thompson" timathom@gmail.com:
Yes, but that brings me back to my original issue. The standard RESTXQ response headers let me set the HTTP status, but they don't let me
override
some default header values: namely, WWW-Authenticate when BaseX is configured for "Custom" authentication. The web:response-header
function
does let me modify the header, but it does not let me set the HTTP
status.
So, there are two different solutions here; each solves part of my problem, but neither one solves the whole problem :(
Tim
-- Tim A. Thompson Discovery Metadata Librarian Yale University Library
On Fri, Aug 18, 2017 at 4:46 PM, Christian Grün christian.gruen@gmail.com wrote:
True. In many cases, you are probably more flexible by using the standard RESTXQ response headers.
On Fri, Aug 18, 2017 at 4:37 PM, Tim Thompson timathom@gmail.com wrote: > Right, the status can be set when using the http:response element > directly, > but the web:response-header function does not seem to provide
access
> to > that. It only allows one to set new headers, not set the status of
the
> response. > > > > > -- > Tim A. Thompson > Discovery Metadata Librarian > Yale University Library > > > On Fri, Aug 18, 2017 at 9:23 AM, Christian Grün > christian.gruen@gmail.com > wrote: >> >> Hi Tim, >> >> That should be possible as well: >> >> rest:response >> <http:response status="{ ... }" message="{ ... }"/> >> </rest:response> >> >> Cheers, >> Christian >> >> >> >> On Fri, Aug 18, 2017 at 3:20 PM, Tim Thompson <timathom@gmail.com
>> wrote: >> > Hi, Christian, >> > >> > Yes, it does. The only issue is that there doesn't seem to be a
way
>> > to >> > set >> > the HTTP status and message via web:response-header, is that
right?
>> > This >> > would be a great feature to have :) >> > >> > Tim >> > >> > -- >> > Tim A. Thompson >> > Discovery Metadata Librarian >> > Yale University Library >> > >> > >> > On Fri, Aug 18, 2017 at 4:25 AM, Christian Grün >> > christian.gruen@gmail.com >> > wrote: >> >> >> >> Hi Tim, >> >> >> >> I am glad to hear the response header output does its job. >> >> >> >> As the function does nothing else than creating a response
header
>> >> (unfortunately with this standard caching directive – I think I >> >> will >> >> remove it along with BaseX 8.7), you could try to replace your >> >> response elements with the function’s result. Does this help? >> >> >> >> Christian >> >> >> >> >> >> >> >> On Thu, Aug 17, 2017 at 9:21 PM, Tim Thompson <
timathom@gmail.com>
>> >> wrote: >> >> > Using the web:response-header() function from the BaseX Web >> >> > Module >> >> > seems >> >> > to >> >> > work for overriding default headers >> >> > (http://docs.basex.org/wiki/Web_Module#web:response-header).
I
>> >> > do >> >> > wonder >> >> > why >> >> > the behavior differs between this function and directly
using a
>> >> > rest:response element. Shouldn't these two be equivalent? >> >> > >> >> > Thanks, >> >> > Tim >> >> > >> >> > >> >> > -- >> >> > Tim A. Thompson >> >> > Discovery Metadata Librarian >> >> > Yale University Library >> >> > >> >> > >> >> > On Thu, Aug 17, 2017 at 11:50 AM, Tim Thompson >> >> > timathom@gmail.com >> >> > wrote: >> >> >> >> >> >> Hello, >> >> >> >> >> >> Is it possible to overwrite default HTTP headers in RESTXQ?
I
>> >> >> am >> >> >> running >> >> >> BaseX in Tomcat 7 and have set the authmethod param set to >> >> >> "Custom." >> >> >> I >> >> >> wanted to define my own WWW-Authenticate header for Digest >> >> >> authentication. I >> >> >> tried something like this: >> >> >> >> >> >> http:header > >> >> name="WWW-Authenticate" >> >> >> value="{ >> >> >> ``[Digest realm="BaseX", >> >> >> qop="auth, auth-int", >> >> >> algorithm=MD5, >> >> >> nonce=`{hash:md5(random:uuid())}`]`` >> >> >> }"/> >> >> >> >> >> >> (in a custom response, as specified in >> >> >> http://docs.basex.org/wiki/RESTXQ#Custom_Response). >> >> >> >> >> >> However, the WWW-Authenticate header only returns a value of >> >> >> Custom >> >> >> realm="BaseX" no matter what I do in the custom RESTXQ >> >> >> response. >> >> >> >> >> >> Thanks in advance, >> >> >> Tim >> >> >> >> >> >> -- >> >> >> Tim A. Thompson >> >> >> Discovery Metadata Librarian >> >> >> Yale University Library >> >> >> >> >> > >> > >> > > >
basex-talk@mailman.uni-konstanz.de
-
Christian Grün -
Tim Thompson